Posted
by
Soulskill
on Tuesday January 12, 2016 @07:08PM
from the done-and-done dept.

An anonymous reader writes: Microsoft today ended support for old versions of Internet Explorer, including IE8, IE9, and IE10, as well as Windows 8. For the browsers, the company has also released a final patch (KB3123303) that includes the latest cumulative security updates and an "End of Life" upgrade notification. In short, the final patch will nag Windows 7 and Windows Server 2008 R2 users to upgrade to Internet Explorer: A new tab will automatically open the download IE page. It doesn’t appear Microsoft has plans to push similar notifications for Vista, Windows Server 2008, or Windows Server 2008 R2 users, but this isn’t too surprising: They can’t upgrade to IE11 or Edge without upgrading their operating system. While support for Windows 8 has ended, Windows 8.1 will have Mainstream Support until January 9, 2018 and Extended Support until January 10, 2023.

Posted
by
Soulskill
on Wednesday January 06, 2016 @12:35PM
from the fond-memories-of-using-it-to-download-firefox dept.

An anonymous reader writes: On Tuesday, January 12, Microsoft Internet Explorer 8, 9, and 10 will officially reach their end of life. A new patch going live soon will add a notification that nags users to upgrade. "What's even bigger about the end of life for these versions is that this means Internet Explorer 11 is the last version of Microsoft's old browser that's left supported, as the company continues to transition customers to Edge on Windows 10."

Posted
by
Soulskill
on Saturday December 05, 2015 @11:40AM
from the still-sounds-odd dept.

An anonymous reader writes: Microsoft announced today that it will soon open source the "Chakra" JavaScript engine used inside its Edge browser and Internet Explorer. The company plans to publish the code on its GitHub page in January. "Microsoft is calling the version it's open sourcing ChakraCore. This is the complete JavaScript engine—the parser, the interpreter, the just-in-time compiler, and the garbage collector along with the API used to embed the engine into applications (as used in Edge). This will have the same performance and capabilities, including asm.js and SIMD support, as well as cutting-edge support for new ECMAScript 2015 language features like the version found in Microsoft's Windows 10 browser." While it'll be Windows-only code to start, they plan on taking it cross-platform just as they did with .NET. "Microsoft intends to run ChakraCore's development as a proper community project. The company says that Intel and AMD have already expressed interest in contributing, and others are sure to join them."

Posted
by
timothy
on Tuesday December 01, 2015 @10:24AM
from the withering-on-the-perfectly-nice-vine dept.

prisoninmate writes: Google announces that its Google Chrome web browser will no longer be available for 32-bit hardware platforms. Additionally, Google Chrome will no longer be supported on the Ubuntu 12.04 LTS (Precise Pangolin) and Debian GNU/Linux 7 (Wheezy) operating systems. Users are urged to update to the Ubuntu 14.04 LTS (Trusty Tahr) release and Debian GNU/Linux 8 (Jessie) respectively. Google will continue to support the 32-bit build configurations for those who want to build the open-source Chromium web browser on various Linux kernel-based operating systems. Reader SmartAboutThings writes, on a similar note, that: Microsoft is tolling the death knell for Internet Explorer with an announcement that it will end support for all older versions next year. Microsoft says that all versions older than the latest one will no longer be supported starting Jan. 12, 2016. After this date, Microsoft will no longer provide security updates or technical support for older Internet Explorer versions. Furthermore, Internet Explorer 11 will be the last version of Internet Explorer as Microsoft shifts its focus on its next web browser, Microsoft Edge.

Posted
by
samzenpus
on Tuesday November 10, 2015 @02:06AM
from the common-element dept.

An anonymous reader writes: Adobe Flash Player provided eight of the top 10 vulnerabilities used by exploit kits in 2015. Angler is currently the most popular exploit kit, regularly tied to malware including Cryptolocker. Vulnerabilities in Microsoft's Internet Explorer and Silverlight are also major targets. All of these are the conclusions of a Recorded Future report.

Posted
by
timothy
on Saturday October 17, 2015 @03:40PM
from the if-you're-on-windows-anyhow dept.

MojoKid writes: The Internet and web browsers are an ever changing congruous mass of standards and design. Browser development is a delicate balance between features, security, compatibility and performance. However, although each browser has its own catchy name, some of them share a common web engine. Regardless, if you are in a business environment that's rolling out Windows 10, and the only browsers you have access to are Microsoft Edge or IE — go with Edge. It's the better browser of the two by far (security not withstanding). If you do have a choice, then there might better options to consider, depending on your use case. The performance differences between browsers currently are less significant than one might think. If you exclude IE, most browsers perform within 10-20% of each other, depending on the test. For web standards compliance like HTML5, Blink browsers (Chrome, Opera and Vivaldi) still have the upper-hand, even beating the rather vocal and former web-standards champion, Mozilla. Edge seems to trail all others in this area even though it's often the fastest in various tests.

Posted
by
Soulskill
on Tuesday August 18, 2015 @09:09PM
from the gift-that-keeps-on-giving dept.

mask.of.sanity writes: Microsoft has released an out-of-band patch for Internet Explorer versions seven to 11 that closes a dangerous remote code execution flaw allowing attackers to commandeer machines. From their advisory: "An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability." The attack could assist in watering hole and malvertising campaigns. The Windows 10 Edge browser is not impacted.

Posted
by
Soulskill
on Tuesday June 30, 2015 @07:05PM
from the dem's-fightin'-woids dept.

An anonymous reader writes: Software developer Nolan Lawson says Apple's Safari has taken the place of Microsoft's Internet Explorer as the major browser that lags behind all the others. This comes shortly after the Edge Conference, where major players in web technologies got together to discuss the state of the industry and what's ahead. Lawson says Mozilla, Google, Opera, and Microsoft were all in attendance and willing to talk — but not Apple.

"It's hard to get insight into why Apple is behaving this way. They never send anyone to web conferences, their Surfin' Safari blog is a shadow of its former self, and nobody knows what the next version of Safari will contain until that year's WWDC. In a sense, Apple is like Santa Claus, descending yearly to give us some much-anticipated presents, with no forewarning about which of our wishes he'll grant this year. And frankly, the presents have been getting smaller and smaller lately."

He argues, "At this point, we in the web community need to come to terms with the fact that Safari has become the new IE. Microsoft is repentant these days, Google is pushing the web as far as it can go, and Mozilla is still being Mozilla. Apple is really the one singer in that barbershop quartet hitting all the sour notes, and it's time we start talking about it openly instead of tiptoeing around it like we're going to hurt somebody's feelings."

Posted
by
Soulskill
on Tuesday June 23, 2015 @05:03PM
from the let's-see-if-the-Won't-Fix-tag-can-withstand-PR dept.

Trailrunner7 writes: Researchers at HP's Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer. The disclosure is a rarity for ZDI. The company typically does not publish complete details and exploit code for the bugs it reports to vendors until after the vulnerabilities are fixed. But in this case, Microsoft has told the researchers that the company doesn't plan to fix the vulnerabilities, even though the bugs were serous enough to win ZDI's team a $125,000 Blue Hat Bonus from Microsoft. The reason: Microsoft doesn't think the vulnerabilities affect enough users.

The vulnerabilities that the ZDI researchers submitted to Microsoft enable an attacker to fully bypass ASLR (address space layout randomization), one of the many mitigations in IE that help prevent successful exploitation of certain classes of bugs. ZDI reported the bugs to Microsoft last year and disclosed some limited details of them in February. The researchers waited to release the full details until Microsoft fixed all of the flaws, but Microsoft later informed them that they didn't plan to patch the remaining bugs because they didn't affect 64-bit systems.

Posted
by
timothy
on Friday April 24, 2015 @10:27PM
from the why-not-leave-the-code-to-survive-infancy-alone? dept.

jones_supa writes: As it did in the past when it tried to make Internet Explorer more secure, Microsoft has launched a new bug bounty program for Spartan browser, the default application of Windows 10 for surfing the information highway. A typical remote code execution flaw can bring between $1,500 and $15,000, and for the top payment you also need to provide a functioning exploit. The company says that it could pay even more than that, if you convince the jury on the entry quality and complexity. Sandbox escape vulnerabilities with Enhanced Protected Mode enabled, important or higher severity vulnerabilities in Spartan or its engine, and ASLR info disclosure vulnerabilities are also eligible. If you want to accept the challenge, Microsoft provides more information on how to participate.

Posted
by
Soulskill
on Friday April 03, 2015 @01:30PM
from the do-not-do-not-track dept.

An anonymous reader writes: The history of the do-not-track setting for web browsers has been rife with debate. It took a long time for web experts to come to anything resembling a consensus on how it should be implemented, and the process isn't over yet. Microsoft took criticism for enabling the do-not-track setting by default in Internet Explorer. While it sounds good in theory, many worried it would just spur websites to completely disregard the setting (and some, like Yahoo, did just that). Now, Microsoft has reversed their stance. The do-not-track setting will not be enabled by default in the company's future browsers. They say, "Put simply, we are updating our approach to DNT to eliminate any misunderstanding about whether our chosen implementation will comply with the W3C standard. ... As a result, DNT will not be the default state in Windows Express Settings moving forward, but we will provide customers with clear information on how to turn this feature on in the browser settings should they wish to do so."

Posted
by
timothy
on Saturday March 28, 2015 @03:22AM
from the strange-circlings-back dept.

Anne Thwacks writes The British Government web site for applying for for a licence to be a security guard requires a plugin providing Internet Explorer emulation on Firefox to login and apply for a licence. It won't work with Firefox without the add-on, but it also wont work with Internet Explorer! (I tried Win XP and Win7 Professional). The error message says "You have more than one browser window open on the same internet connection," (I didn't) and "to avoid this problem, close your browser and reopen it." I did. No change.

I tried three different computers, with three different OSes. Still no change. I contacted their tech support and they said "Yes ... a lot of users complain about this. We have known about it since September, and are working on a fix! Meanwhile, we have instructions on how to use the "Fire IE" plugin to get round the problem." Eventually, I got this to work on Win7pro. (The plugin will not work on Linux). The instructions require a very old version of the plugin, and a bit of trial and error is needed to get it to work with the current one. How can a government department concerned with security not get this sort of thing right?"

Posted
by
timothy
on Saturday March 28, 2015 @12:40AM
from the evolution-continues dept.

MojoKid writes One of the most anticipated new features in Windows 10 is the Spartan web browser, which will replace the long-serving Internet Explorer. We've seen Spartan in action on the desktop/notebook front, but we're now getting a closer look at Spartan in action on the mobile side thanks to some newly leaked screenshots. Perhaps the biggest change with Spartan is the repositioning of the address bar from the bottom of the screen to the top (which is also in line with other mobile browsers like Safari and Chrome). The refresh button has also been moved from its right-hand position within the address bar to a new location to the left of the address bar. Reading Lists also make an appearance in this latest build of Spartan along with Microsoft's implementation of "Hubs" on Windows 10 for mobile devices.

Posted
by
Soulskill
on Friday March 20, 2015 @11:22AM
from the another-four-bite-the-dust dept.

darthcamaro writes: Every year, browser vendors patch their browsers ahead of the annual HP Pwn2own browser hacking competition in a bid to prevent exploitation. The sad truth is that it's never enough. This year, security researchers were able to exploit fully patched versions of Mozilla Firefox, Google Chrome, Microsoft Internet Explorer 11 and Apple Safari in record time. For their efforts, HP awarded researchers $557,500. Is it reasonable to expect browser makers to hold their own in an arms race against exploits? "Every year, we run the competition, the browsers get stronger, but attackers react to changes in defenses by taking different, and sometimes unexpected, approaches," Brian Gorenc manager of vulnerability research for HP Security Research said.

Posted
by
Soulskill
on Tuesday March 17, 2015 @02:05PM
from the unpoisoning-the-well dept.

An anonymous reader writes: The Verge reports that Internet Explorer as we know it will be taking a back seat to Microsoft's new browser, Project Spartan, in Windows 10 and future projects. IE will still exist, and stick around for compatibility issues, but Project Spartan will be the default way users interact with the internet. Microsoft wants to distance itself with the negative connotations Internet Explorer has acquired through the years. They still haven't decided on an official name for Project Spartan, but it will probably have the company name in it.

Posted
by
Soulskill
on Tuesday March 17, 2015 @07:10AM
from the also-handsomer-and-better-at-darts dept.

HughPickens.com writes: In the world of Big Data, everything means something. Now Joe Pinsker reports that Cornerstone OnDemand, a company that sells software that helps employers recruit and retain workers, has found after analyzing data on about 50,000 people who took its 45-minute online job assessment, that people who took the test on a non-default browser, such as Firefox or Chrome, ended up staying at their jobs about 15 percent longer than those who stuck with Safari or Internet Explorer. They also tended to perform better on the job as well. Chief Analytics Officer Michael Housman offered an explanation for the results in an interview with Freakonomics Radio: "I think that the fact that you took the time to install Firefox on your computer shows us something about you. It shows that you're someone who is an informed consumer," says Housman. "You've made an active choice to do something that wasn't default." But why would a company care about something as seemingly trivial as the browser a candidate chooses to use? "Call centers are estimated to suffer from a turnover rate of about 45 percent annually (PDF), and it can cost thousands of dollars to hire new employees," says Pinsker. "Because of that, companies are eager to find any proxy for talent and dedication that they can."